pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-04-26 01:52:48 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Bugfix for nRF Crypto 90% done, includes heavy debug code, do not merge for now.

Browse Source
This commit is contained in:
Thomas Göttgens 2022-06-04 10:37:24 +02:00
parent 1ff0032c20
commit df9e9bc223
4 changed files with 92 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/esp32/ESP32CryptoEngine.cpp
View File

@ -49,12 +49,13 @@ class ESP32CryptoEngine : public CryptoEngine
*/ */
virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
{ {
hexDump("before", bytes, numBytes, 16);
if (key.length > 0) { if (key.length > 0) {
uint8_t stream_block[16]; uint8_t stream_block[16];
static uint8_t scratch[MAX_BLOCKSIZE]; static uint8_t scratch[MAX_BLOCKSIZE];
size_t nc_off = 0; size_t nc_off = 0;
// DEBUG_MSG("ESP32 crypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes); DEBUG_MSG("ESP32 crypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
initNonce(fromNode, packetId); initNonce(fromNode, packetId);
assert(numBytes <= MAX_BLOCKSIZE); assert(numBytes <= MAX_BLOCKSIZE);
memcpy(scratch, bytes, numBytes); memcpy(scratch, bytes, numBytes);
@ -64,12 +65,11 @@ class ESP32CryptoEngine : public CryptoEngine
auto res = mbedtls_aes_crypt_ctr(&aes, numBytes, &nc_off, nonce, stream_block, scratch, bytes); auto res = mbedtls_aes_crypt_ctr(&aes, numBytes, &nc_off, nonce, stream_block, scratch, bytes);
assert(!res); assert(!res);
} }
hexDump("after", bytes, numBytes, 16);
} }
virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
{ {
// DEBUG_MSG("ESP32 decrypt!\n");
// For CTR, the implementation is the same // For CTR, the implementation is the same
encrypt(fromNode, packetId, numBytes, bytes); encrypt(fromNode, packetId, numBytes, bytes);
} }

74
src/mesh/CryptoEngine.cpp
View File

@ -3,7 +3,7 @@
void CryptoEngine::setKey(const CryptoKey &k) void CryptoEngine::setKey(const CryptoKey &k)
{ {
DEBUG_MSG("Installing AES%d key!\n", k.length * 8); DEBUG_MSG("Using AES%d key!\n", k.length * 8);
/* for(uint8_t i = 0; i < k.length; i++) /* for(uint8_t i = 0; i < k.length; i++)
DEBUG_MSG("%02x ", k.bytes[i]); DEBUG_MSG("%02x ", k.bytes[i]);
DEBUG_MSG("\n"); */ DEBUG_MSG("\n"); */
@ -26,6 +26,78 @@ void CryptoEngine::decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes
DEBUG_MSG("WARNING: noop decryption!\n"); DEBUG_MSG("WARNING: noop decryption!\n");
} }
// Usage:
// hexDump(desc, addr, len, perLine);
// desc: if non-NULL, printed as a description before hex dump.
// addr: the address to start dumping from.
// len: the number of bytes to dump.
// perLine: number of bytes on each output line.
void CryptoEngine::hexDump (const char * desc, const void * addr, const int len, int perLine)
{
// Silently ignore silly per-line values.
if (perLine < 4 || perLine > 64) perLine = 16;
int i;
unsigned char buff[perLine+1];
const unsigned char * pc = (const unsigned char *)addr;
// Output description if given.
if (desc != NULL) DEBUG_MSG ("%s:\n", desc);
// Length checks.
if (len == 0) {
DEBUG_MSG(" ZERO LENGTH\n");
return;
}
if (len < 0) {
DEBUG_MSG(" NEGATIVE LENGTH: %d\n", len);
return;
}
// Process every byte in the data.
for (i = 0; i < len; i++) {
// Multiple of perLine means new or first line (with line offset).
if ((i % perLine) == 0) {
// Only print previous-line ASCII buffer for lines beyond first.
if (i != 0) DEBUG_MSG (" %s\n", buff);
// Output the offset of current line.
DEBUG_MSG (" %04x ", i);
}
// Now the hex code for the specific character.
DEBUG_MSG (" %02x", pc[i]);
// And buffer a printable ASCII character for later.
if ((pc[i] < 0x20) || (pc[i] > 0x7e)) // isprint() may be better.
buff[i % perLine] = '.';
else
buff[i % perLine] = pc[i];
buff[(i % perLine) + 1] = '\0';
}
// Pad out last line if not exactly perLine characters.
while ((i % perLine) != 0) {
DEBUG_MSG (" ");
i++;
}
// And print the final ASCII buffer.
DEBUG_MSG (" %s\n", buff);
}
/** /**
* Init our 128 bit nonce for a new packet * Init our 128 bit nonce for a new packet
*/ */

2
src/mesh/CryptoEngine.h
View File

@ -56,6 +56,8 @@ class CryptoEngine
* a 32 bit block counter (starts at zero) * a 32 bit block counter (starts at zero)
*/ */
void initNonce(uint32_t fromNode, uint64_t packetId); void initNonce(uint32_t fromNode, uint64_t packetId);
void hexDump(const char * desc, const void * addr, const int len, int perLine);
}; };
extern CryptoEngine *crypto; extern CryptoEngine *crypto;

22
src/nrf52/NRF52CryptoEngine.cpp
View File

@ -16,48 +16,54 @@ class NRF52CryptoEngine : public CryptoEngine
*/ */
virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
{ {
// DEBUG_MSG("NRF52 encrypt!\n"); hexDump("before", bytes, numBytes, 16);
if (key.length > 16) { if (key.length > 16) {
DEBUG_MSG("Software encrypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
AES_ctx ctx; AES_ctx ctx;
initNonce(fromNode, packetId); initNonce(fromNode, packetId);
AES_init_ctx_iv(&ctx, key.bytes, nonce); AES_init_ctx_iv(&ctx, key.bytes, nonce);
AES_CTR_xcrypt_buffer(&ctx, bytes, numBytes); AES_CTR_xcrypt_buffer(&ctx, bytes, numBytes);
} else if (key.length > 0) { } else if (key.length > 0) {
DEBUG_MSG("nRF52 encrypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
nRFCrypto.begin(); nRFCrypto.begin();
nRFCrypto_AES ctx; nRFCrypto_AES ctx;
uint8_t myLen = ctx.blockLen(numBytes); uint8_t myLen = ctx.blockLen(numBytes);
DEBUG_MSG("nRF52 encBuf myLen=%d!\n", myLen);
char encBuf[myLen] = {0}; char encBuf[myLen] = {0};
memcpy(encBuf, bytes, numBytes);
initNonce(fromNode, packetId); initNonce(fromNode, packetId);
ctx.begin(); ctx.begin();
ctx.Process(encBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.encryptFlag, ctx.ctrMode); ctx.Process((char*)bytes, numBytes, nonce, key.bytes, key.length, encBuf, ctx.encryptFlag, ctx.ctrMode);
ctx.end(); ctx.end();
nRFCrypto.end(); nRFCrypto.end();
memcpy(bytes, encBuf, numBytes);
} }
hexDump("after", bytes, numBytes, 16);
} }
virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
{ {
// DEBUG_MSG("NRF52 decrypt!\n"); hexDump("before", bytes, numBytes, 16);
if (key.length > 16) { if (key.length > 16) {
DEBUG_MSG("Software decrypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
AES_ctx ctx; AES_ctx ctx;
initNonce(fromNode, packetId); initNonce(fromNode, packetId);
AES_init_ctx_iv(&ctx, key.bytes, nonce); AES_init_ctx_iv(&ctx, key.bytes, nonce);
AES_CTR_xcrypt_buffer(&ctx, bytes, numBytes); AES_CTR_xcrypt_buffer(&ctx, bytes, numBytes);
} else if (key.length > 0) { } else if (key.length > 0) {
DEBUG_MSG("nRF52 decrypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
nRFCrypto.begin(); nRFCrypto.begin();
nRFCrypto_AES ctx; nRFCrypto_AES ctx;
uint8_t myLen = ctx.blockLen(numBytes); uint8_t myLen = ctx.blockLen(numBytes);
DEBUG_MSG("nRF52 decBuf myLen=%d!\n", myLen);
char decBuf[myLen] = {0}; char decBuf[myLen] = {0};
memcpy(decBuf, bytes, numBytes);
initNonce(fromNode, packetId); initNonce(fromNode, packetId);
ctx.begin(); ctx.begin();
ctx.Process(decBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.decryptFlag, ctx.ctrMode); ctx.Process((char*)bytes, numBytes, nonce, key.bytes, key.length, decBuf, ctx.decryptFlag, ctx.ctrMode);
ctx.end(); ctx.end();
nRFCrypto.end(); nRFCrypto.end();
memcpy(bytes, decBuf, numBytes);
} }
hexDump("after", bytes, numBytes, 16);
} }
private: private: